﻿using System;
using System.Collections.Generic;
using Fcdbas.Biz;

namespace Fcdbas.WinUI.Common
{
    public sealed class SecurityFactory
    {
        public static string SecurityType = "User";
        public static IUserSecurity CreateSecurity()
        {
            switch(SecurityType)
            {
                case "User":
                return new UserSecurity();
                default:
                return new UserSecurity();
            }
        }
    }
    public class UserSecurity : IUserSecurity
    {
        private static List<fnd_user_security> UserSecuritys;
        public static List<fnd_user_security> UserSecs
        {
            get
            {
                if (UserSecuritys == null)
                {
                    string conName = fnd_user_security.Meta.ConnName;
                    string where = "identity = '" + AppEnvironment.Session.USER_ID + "'";
                    fnd_user_security.Meta.ConnName = FndDAL.SQLite;
                    UserSecuritys = fnd_user_security.FindAll(where, "", "", 0, 0);
                    fnd_user_security.Meta.ConnName = conName;
                }
                return UserSecuritys;
            }
            set
            {
                UserSecuritys = value;
            }
        }
        #region ISecurity 成员

        public bool Authorize(string identity_, string presObject,string securityObject, string objectType)
        {
            if (string.IsNullOrEmpty(securityObject))
                return false;
            
            bool authorized = false;
            fnd_user_security sec = null;
            sec = UserSecs.Find(p => p.identity == identity_ && p.pres_object == presObject && p.sec_object_type == "Client" && p.sec_object == securityObject && p.sub_object_type == objectType);
            if (sec != null)
                authorized = true;
            return authorized;
        }
        /// <summary>
        /// 数据库权限
        /// </summary>
        /// <param name="identity_">用户</param>
        /// <param name="securityObject">视图，表，函数等名称</param>
        /// <param name="objectType">视图，表，函数等类型</param>
        /// <returns></returns>
        public bool DBAuthorize(string identity_,string securityObject, string objectType)
        {
             if (string.IsNullOrEmpty(securityObject))
                return false;
            //if (UserSecuritys == null)
            //{
            //    string conName = fnd_user_profile.Meta.ConnName;
            //    fnd_user_profile.Meta.ConnName = FndDAL.SQLite;
            //    UserSecuritys = fnd_user_security.FindAll();
            //    fnd_user_profile.Meta.ConnName = conName;
            //}
            bool authorized = false;
            fnd_user_security sec = null;
            sec = UserSecs.Find(p => p.identity == identity_ && p.sec_object_type == SecObjectType.Database && p.sec_object == securityObject && p.sub_object_type == objectType);
            if (sec != null)
                authorized = true;
            return authorized;
      //   WHERE sec_object_type = 'Database'
      //AND sub_object_type IN ('Procedure')
      //AND identity = user_id_
      //AND sec_object = procedure_name_;
        }
        #endregion
    }
}
